During an overhaul of its onboarding process, a mid-sized company wants to weave security controls into every step that a new employee takes on their first day. Which change to the documented onboarding procedure would be the most effective at protecting corporate assets while still enabling new hires to be productive?
Access to internal resources is immediately granted to new hires, with a formal security orientation scheduled after their first month of employment.
Full network access is granted on the first day with a briefing held by the security team, supplemented by email reminders about security policies.
New hires are given minimal guidance to encourage self-learning about security practices, providing full access to internal systems to promote immediate immersion.
Network credentials are provided after completion of comprehensive security training on the first day, followed by access that is scaled up based on role-specific requirements.
Requiring new hires to complete security awareness training before any network credentials are issued ensures they understand organizational policies and their responsibilities. Granting only the minimum role-based access they need after training limits potential damage if an account is compromised. Additional privileges can then be added as employees demonstrate continued compliance, reflecting the principle of least privilege. Approaches that grant full access before training or postpone training increase the window of exposure and contradict accepted best practices.